I've been preparing for a talk at SacLug tomorrow and
exploring the wondrous WikiWikiWeb. Wiki is what I've
always wished the web was: content-driven, massively
hyperlinked. Great fun.

The temptation to write my own Wiki is strong. I'd like to
convert my whole homepage and website into a wiki, and if I
wrote my own I could add several features I'd like to have,
that have to really be designed in from the beginning.

Shaleh and I enjoyed giving a debian talk in Sacramento
yesterday. Today, I attended the local FreeBSD LUG; they
were doing a discussion of FreeBSD and Linux and what
differences really exist between the two (not the ancient
"foo has better networking" stuff, real differences of
today). It was a very interesting and flame-free discussion.
I see Shaleh has posted an article about it.

I discovered multiple holes in the debian website today,
only exploitable by debian developers though, mostly via
client-side-scripting methods. It's being fixed as I type,
but web security is such a PITA. Oh, and I just found a home in
advogato, which I will be mailing raph about.

I got my Vaio's hibernation working again - yay! Seems it
was a victim of "I wonder what this file does -- let's
delete it and find out" syndrome. Luckily fixing this was
easy.

On the other hand, I now have a 128 mb file in /dos that
contains the full contents of memory as of last hibernation.
So I'll have to repartition fairly soon anyway to move that
to someplace a little less visible.

I spent most of today writing HTML::Sanitizer, a perl module
to sanitize untrusted html code by removing all tags except
a set you specify, and all tag attributes except sets you
specify.

It also removes all traces of javascript. This is
surprisingly hard -- not only can javascript lurk inside
<script> tags, but there are html javascript entities, and
even a way to embed javascript inside any tag attribute that
is used as a URL. I regard embedding such a major source of
security holes into the html spec in such a myriad of ways as
very irresponsible -- and I wonder what other stupid html
extensions out there I should make my code deal with.

I wrote this because I needed it for a web site I am
designing and I could find no equivalent library for perl.
Of course numerous sites like advogato and slashdot address
these problems with, ahem, varying degrees of
success, but doing it in an independent library seems like a
better solution. If anyone knows of any other code that
deals with this problem, preferably general-purpose code in
a library, I'd really like to examine it.

This weekend I did a lot of hacking on my WikiClone.
It's approaching usability, and the cvs backend is working
great.
I spent some time trying out other WikiClones for ideas; I
seem to have all of them beat in the WayBackMode
department. Next I am going to add either tagging or
(possibly) branching support. I think branching probably
detracts from the WikiEssence though.

My wiki is currently about 120 lines of code,
plus another 200 lines in plugins. It seems that most wiki
implementations are basically small.

This got me thinking about what a small change a wiki is
over the regular web. We were so close back in 1994
-- and it slipped away and turned into the general mess
(advogato notwithstanding) the web is today.

'Scuse the periodic I-Hate-The-Web drivel...

I was fairly productive today, got a lot of support
utilities written for i18n of packages that use debconf, and
a fair amount of bugfixing done.

I am fed up with people who pop up on some Debian list with
a gripe about the GPL. Why does Debian attract these boring
discussions? Mail RMS -- sheesh.

I spent some time this evening researching cookies. I found
interesting things like this ancient
security hole in netscape and IE, that lets two web
sites on unrelated domains both see the same cookie. This
was discovered in late 1998 and is still not fixed in
netscape.

Or, take the cookie RFC itself, and perl's CGI::Cookie
module, which claims to follow RFC 2109 but violates it in
(at least) 4 different ways. Of course, I doubt this
matters, since netscape has not been updated to support RFC
2109 at all anyway.

If anyone knows where a Palm V (or Vx) can actually be
bought in the next 2 weeks, please tell me. I am buying one
as a graduation present, and I've waited too long. It seems
there is a terminal shortage of Palm V's, and the 30 or so
places I have checked all have them on backorder. Not being
a Palm user, I have no idea why.

I did a lot of shopping today, including finding a carrying
case for my laptop. It's not really a laptop case, just a
small leather case you'd put a small (paper) notebook and
other business-type stuff in. It's a perfect fit though. I'm
glad I was able to find a case so easily: I had thought it
might be rather tough, as my laptop is rather small. :-)

Still trying unsuccessfully to find a Palm 5. I wasn't willing
to pay $80 over the list price on ebay, or I could have had
one.

I spent some time today trying to get a handle on what
security fixes have been going into debian lately, and why
nobody has bothered to issue security fixes. Argh.

Seth, thanks for reminding me about Deep Breakfast. I'd
forgotten I even owned it, and am enjoying it all over
again. My musical tastes have been really slow to develop
(or I've just had a really hard time finding music I like),
but I've always enjoyed this album. I should buy it on CD,
I'm sure that'd be much improved.